
Mac OS X Sandboxing Flaw Reported

A researcher at a popular Mac security firm has reported a flaw in the sandboxing feature of Mac OS X.

Apple Inc. has announced that the feature is expected to apply to the Mac App Store in March 2012. Under this requirement, all apps submitted to the Mac App Store must implement sandboxing in order to obtain approval. The measure is meant to ensure that Mac users do not install malicious applications.

The sandboxing feature is designed to restrict the system resources made available to an app, which means that a Mac application cannot execute certain commands written into it during development that would in turn affect other programs on the operating system.

Since the announcement of this requirement for the Mac App Store, many developers have reacted strongly against it. Several research labs are examining the feature, and CoreLabs claims to have found a flaw in the system that might allow malicious applications to execute commands without the knowledge of the operating system user. The Mac operating systems vulnerable to this flaw are Mac OS X Leopard, Mac OS X Snow Leopard and Mac OS X Lion.

The vulnerability assessment reports that many of the sandboxing feature's pre-defined default profiles do not properly limit all the currently available mechanisms and, as a result, allow part of the restricted functionality to be exercised. To name one example, sending Apple events is possible within the no-network sandbox profile (kSBXProfileNoNetwork).

It was also reported that a compromised program that is hypothetically restricted by the no-network profile can gain access to network resources by using Apple events to invoke the execution of other programs that are not directly restricted by the sandbox.

A security researcher at Sophos, a firm that competes with CoreLabs, explained that it has yet to be analyzed to what extent the flaw claimed by the research company is a problem for Mac developers and users.

The major problem, as explained by CoreLabs, is that the sandboxing restrictions apply to all processes that are directly spawned by the Mac App Store application, but not to processes that are spawned indirectly. For example, a Mac user can use AppleScript to instruct the operating system to run any other arbitrary program, or another copy of the application, which does not inherit the sandbox settings.

However, some of the commentators at Sophos agree with the flaw reported by CoreLabs.

The no-network sandbox profile simply enforces that the process and its elements are not allowed to create socket connections. It does not hinder access to Apple events, the file system or anything else of that kind.

In practical terms, if an intruder gains control of an application running under this sandbox profile, the intruder can use osascript to launch another process that has access to the internet, which ultimately bypasses the sandbox.
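One way to detect the pattern described above, as an added example that is not part of the original article: it flags osascript executions whose direct ancestry includes a process that applied the no-network profile. The exec-event record format, the sample lines and the function names are constructed for illustration and do not come from any real tool.

```python
from typing import NamedTuple

# Constructed sample records: pid, ppid, profile applied by the process itself
# ("-" = none), executable path. The format is hypothetical.
SAMPLE_EVENTS = """\
210 1 no-network /Applications/Viewer.app/Contents/MacOS/Viewer
211 210 - /Applications/Viewer.app/Contents/MacOS/helper
212 211 - /usr/bin/osascript
300 1 - /Applications/Notes.app/Contents/MacOS/Notes
301 300 - /usr/bin/osascript
"""

class Exec(NamedTuple):
    pid: int
    ppid: int
    profile: str
    path: str

def parse(text):
    """Parse exec-event lines into a dict keyed by pid."""
    events = {}
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        pid, ppid, profile, path = line.split(None, 3)  # path may contain spaces
        events[int(pid)] = Exec(int(pid), int(ppid), profile, path)
    return events

def effective_profile(events, pid):
    """Walk up direct parents: directly spawned children inherit the sandbox."""
    seen = set()
    while pid in events and pid not in seen:  # 'seen' guards against pid loops
        seen.add(pid)
        ev = events[pid]
        if ev.profile != "-":
            return ev.profile, ev.path
        pid = ev.ppid
    return None, None

def find_sandboxed_osascript(events, profile="no-network"):
    """Return (pid, sandboxed ancestor path) for osascript run under `profile`."""
    hits = []
    for ev in events.values():
        if ev.path.rsplit("/", 1)[-1] != "osascript":
            continue
        prof, owner = effective_profile(events, ev.pid)
        if prof == profile:
            hits.append((ev.pid, owner))
    return sorted(hits)

if __name__ == "__main__":
    for pid, owner in find_sandboxed_osascript(parse(SAMPLE_EVENTS)):
        print(f"ALERT pid={pid}: osascript under no-network sandbox of {owner}")
```

The osascript process started from the unsandboxed Notes app (pid 301) is not flagged, since only executions that inherit the restricted profile are of interest here.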

One additional risk associated with the sandboxing feature is that the profiles are designed to offer several different scenarios for how a process can be restricted. If the flaw in the no-network profile allows an attacker to reach Apple events, then applications that rely on the same restrictive rules may be adopting a false sense of security.

The company reporting the flaw also claims that it informed Apple Inc.'s security team and was told that it was not a security issue, as the sandbox documentation did not clearly state that Apple events would be restricted when using the profile.
